Apache, Tomcat, USP Setup

1
Apache, Tomcat, USP Setup

• Installation, Configuration and Management of
  OECN RPC and Web Services

2
Overview

• Technical Overview
• Architecture
• Pieces and parts and how they fit
• OECN RPC Service and USP (Universal Service
  Provider)
• Java and J2EE
• Jakarta Tomcat web container and Apache Web
  Server
• Installation
• Configuration
• OECN RPC
• Tomcat Apache (or IIS)
• Management and Monitoring

3
Motivations

• Why are we doing this?
• Web enabling existing user interfaces
• Modernize application interfaces (SOAP)
• Preserve investment in existing hardware and
  software, while reducing dependency on existing
  hardware and OS
• Reduce costs and risks relative to complete
  rewrite
• Provide Migration strategy from OpenVMS (without
  requiring it)

4
Why Java J2EE?

• Advantages of Java and Java 2 Enterprise Edition
• Low cost
• No licensing for development or run-time
  environments
• Open source and commercial alternatives available
• Platform independence
• Runs anywhere, including on OpenVMS
• Provides migration from OpenVMS
• Does not limit hardware or OS choices
• Broad industry and standards support

5
USAS Architecture Migration Diagram
(Current plans and Future Possibilities)
Application Tier
Client Tier
Presentation Tier
Current Server Tier

(OpenVMS)
(Any Java 2 Platform)
(Any Java 2 Platform)
Web Server/
Web
USAS RPC
USP
J
2EE Container
Browser
USP
USAS Data
Service
Client
RPC Calls
(RMS)
(Planned)
RPC
(Existing USAS
(Tomcat, JSP,
routines)
(Axis)
Servlets, Struts, etc)
GUI Work
USAS Business Service Classes
Station
Java GUI Client
Future Server Tier
(Future)
USAS SOAP Service
(Future)
(F
uture Platform)
EJB
Server
RPC,
RPC-XML Calls
(J2EE)
JMS,
3rd Party
etc
(Future)
Applications
JDBC
USAS
(SQL)
RDBMS
SQL Queries
(SQL)
Symbols filled with hash marks indicate future
possibilities for growth into platform
independent modules and services based on the
J2EE architecture. Actual
implementation decisions can be deferred into
future. The business layer isolates
the presentation layer from implementation
details.
6
USP Universal Service Provider

• OpenVMS Layered Product from HP STABLIT
• Provides middleware framework for making 3GL
  routines available as RPC
• Listens on TCP port 9100 for client connections
• Handles network process startup and monitoring
• Provides both server and client API for
  interacting with services
• The OECN RPC service is layered on USP

7
OECN RPC (Remote Procedure Call)

• Service runs on OpenVMS server with USP
• Provides user and security context for remote
  user
• Permits remote application to call OECN software
  routines
• One VMS process for each connected user
• Uses SETUPENV to configure logical environment
• Enforces standard OpenVMS security features (UAF
  restrictions, break-in detection and evasion)
• Uses an XML (SOAP-like) protocol for exchanging
  messages and data between client and COBOL
  routines

8
OECN RPC

• Consists of
• OECNRPC_SERVER.EXE
• Service image initiated by USP
• Handles authentication and impersonation of user
• Dispatches clients calls to package specific
  routines
• OECNRPC_package.EXE
• Package specific routines available as RPC calls
• OECN RPC can only call routines in these
  predefined images
• Cannot make calls to arbitrary routines on
  OpenVMS
• OECNRPC_CONFIG.COM
• Configuration procedure for USP Service
• Includes simplified management options (start,
  stop, etc)

9
OECNRPC_CONFIG
10
OECN_RPC Configuration
11
OECN RPC Debug Mode

• Per user debug mode
• Writes detailed XML request/response files to
  users login directory
• Writes more detailed messages to OECN_RPC_.LOG
  files
• Enable with
• DEFINE OECNRPC_DEBUG_username YES
• Must be system-wide or in RPC Prolog file

12
Java/J2EE

• J2EE Java 2 Enterprise Edition
• Set of standards based APIs and framework for
  enterprise applications
• Web application standards
• XML API, SOAP-RPC
• Mail API
• Applications written to J2EE standards can run
  under any J2EE implementation
• OECN web applications are written to J2EE
• Should run on any platform with J2EE web
  container
• Currently tested under Tomcat Jetty, but other
  web containers should work

13
Jakarta Tomcat

• Part of the Apache Software Foundation
• Reference implementation of J2EE web container
• Maintained by Apache as Open Source project
• Version 5.0 aka Catalina
• Web container provides
• Environment for web application (request/response
  handling)
• Session management
• Similar to what IIS does for ASP pages
• Includes its own HTTP server or
• Can use connectors to use other HTTP server as
  front end
• SSDT recommends Apache as front-end for SSL
  (HTTPS)

14
Web Server (Apache or IIS)

• Web server can be placed in front of Tomcat
• Provide HTTPS encryption
• Improved performance (keep-alive)
• Connectors
• Plug-ins for web server to connect to Tomcat
• Available for most web servers (Apache, IIS, etc)
• Can use Reverse Proxy in Apache 2.0
• SSDT recommends Apache on all platforms

15
Installation

• Basic Steps
• Install USP on OpenVMS
• Configure OECN RPC service
• Install Java 1.5.x or higher
• Install Tomcat 5.5.x or higher
• Install Web Server
• Install OECN application (e.g. USASweb)

16
USP Installation

• Download kit and installation guide from
  http//www.stabilit.ch/
• Straight-forward PCSI installation
• After installation execute USPCONFIG.COM
• Configure RPC
• Do not need BCT services
• Add USPSTARTUP to SYSTARTUP_VMS.COM

17
Configure OECN RPC

• OECNRPC_CONFIG.COM from OECN
• Configures USP parameters for OECN RPC
• Sets maximum number of users and timeouts
• Creates OECNRPC username used by service
• Initial login environment and process quotas come
  from this user
• Must have IMPERSONATE privilege
• Should have only NETWORK access
• Can be re-run to reconfigure or start/stop service

18
SETUPENV (OECNSETUP.INI)

• User impersonation does not include LOGIN.COM or
  group logicals
• SETUPENV must provide
• Definitions for required logicals (OECNDTA)
• IDENTIFIER to allow appropriate users access
• Users with access to multiple district will see
  options
• All features of SETUPENV supported
• Group or shared logical name tables
• Search lists
• Note Errors in OECNSETUP can cause OECN RPC to
  fail

19
Sample SETUPENV entries
20
Apache/Tomcat on Any Platform

• J2EE components can be on any platform, these
  have been tested
• OpenVMS
• Windows
• Linux
• SSDT prefers Linux or Windows
• Cheaper hardware
• Save OpenVMS resources

21
Choosing the Platform

• Factors to consider
• Available hardware
• Do you have a system with spare cycles and
  memory?
• Familiarity with OS and web server
• Are you better on Windows, OpenVMS or Linux?
• Or do you want to learn Linux?
• Anticipated support requirements
• If you expect to need a lot of help, stick with
  OpenVMS
• Unless SSDT can reach your Windows/Linux servers
• Wherever you put it, the software is available
  free

22
Installing Java

• OpenVMS
• Get JAVA_150 SDK from HP
• Standard PCSI installation (take defaults)
• Windows
• Get Java SDK 1.5 (or higher) from
  http//java.sun.com/
• Standard windows installer
• Linux
• Get Java SDK 1.5 (or higher) from Sun or Linux
  vendor
• Installation varies depending on Linux variety

23
Installing Tomcat

• OpenVMS
• Get CSWS_JAVA from HP
• Standard PCSI installation
• Must have ODS-5 volume
• Windows
• Get Tomcat 5.5.x from http//jakarta.apache.org/
• Windows installers available
• Do NOT install into \Program Files\.
• Spaces in directories are evil
• Linux
• Get Tomcat 5.5 from http//jakarta.apache.org/
• Installers available depending on Linux flavor

24
Installing Web Server

• OpenVMS
• Get CSWS 1.3 (soon 2.0) from HP
• Standard PCSI installation
• Preferably install on same ODS-5 volume as
  Tomcat, but not required
• Windows
• Apache (1.3 or 2.0) installers from
  http//httpd.apache.org/
• Windows installers available
• IIS included with Windows 2000
• Linux
• Apache included in most Linux installations
• Installation varies depending on Linux flavor

25
Configuring Tomcat

• Rather little configuration of Tomcat
• Edit /conf/server.xml if must run on different
  port (default is 8080)
• Adjust MaxThreads and MinSpareThreads
• Edit /conf/tomcat-users.xml to create a manager
  account to manage tomcat and USAS application
• Default configuration for connectors should work,
  unless need to change ports
• Set max memory on Java command (-XmxNNNm)

26
Configuring Apache -gt Tomcat

• Connectors are confusing
• Varies depending on platform and versions
• Use mod_jk2 if available
• But on OpenVMS is easy
• Execute APACHEJAKARTA.COM
• Choose Configure for Jakarta Adapters
• Choose Enable JK2 or Enable JK
• Restart Tomcat and Apache
• Can use Reverse Proxy in Apache 2.0

27
Mount Application for MOD_JK

• For MOD_JK, add this to HTTPD.CONF

JkMount /usasweb JkMount /usasweb/
28
Mount Application for MOD_JK2

• JK2 is different, add this to WORKERS2.PROPERTIES
  in Apache /CONF directory

uri/usasweb/ infoUSAS Web application
29
Connectors for IIS

• isapi_redirector.dll is ISAPI Filter
• Intercepts requests for Tomcat application
• Redirects to Tomcat AJP connector
• Recommend mod_jk version (instead of mod_jk2)
• Configuration is messy and confusing, but has
  been done

30
Installation of SSDT Web App

• Drop WAR file into Tomcat webapps directory
• Restart Tomcat
• Tomcat
• unpacks the war file
• deploys the application into new context
• Context name is name of WAR file.
• Edit configuration files in
• context/WEB-INF/classes

31
USASweb Configuration files

• Located in \usasweb\WEB-INF\classes
• UsasService.properties
• Connection string for OECNRPC service
• Must reference the OpenVMS
• Default is usprpc//localhost9100OECN_RPC
• LocalResources.properties
• Provides self-reference to the application URL
• Must be changed if Tomcat runs on different port
• Should almost always refer to localhost and to
  Tomcat port (instead of web server port). Does
  not need to be same URL that users use to access
  web application
• See StrutsResources for other things that can be
  overridden, but do so carefully

32
Examples
UsasService.Properties USPConnectionStringusprp
c//localhost9100OECN_RPC USPConnectionStringus
prpc//nwoca.org9100OECN_RPC LocalResources.Pro
perties WebContextPathhttp//localhost8080/usa
sweb/ WebContextPathhttp//localhost9080/usasweb
/
33
Management/Monitoring

• Whos logged in?
• FSYS/IMAGEOECNRPC/DETACH/BRIEF
• One process per connected user
• Starting/Stopping USP
• _at_SYSSTARTUPUSPSHUTDOWN
• _at_SYSSTARTUPUSPSTARTUP
• Beware of STOP/ID on OECNRPC service. Can cause
  USP to stop accepting connections

34
Log files UPS and OECNRPC

• OECN_RPC_nnnnn.LOG in USPLOGS
• Per user session logs
• When application complains about XML or OECN
  service
• May contain errors from COBOL Routines
• Protection violations
• File not found
• Insufficient security identifiers
• Usually severe and unexpected errors

35
Sample OECN_RPC log
36
Tomcat Logs

• Tomcats Standard output
• APACHEJAKARTA_SERVER_OUTPUT.LOG
• Other names on other platforms
• stdout.log, stderr.log, etc
• Contains
• Problems with Tomcat
• Problems with Java (memory)
• Severe errors not trapped by application
• Localhost_log_ltdategt.txt
• Contains
• Problems with applications
• Problems more specific to applications
• Errors related to problems deploying the
  application

37
USAS web logs

• usas_webapp.log
• Resides in home directory of user running Tomcat
• Often the first place to look for application
  errors
• Tomcat and application are running
• But application is not working
• Contains
• Log messages generated by SSDT written code
• Logs errors specific to USAS web application
• Four levels of logging set by log4j.properties
• DEBUG
• ERROR (default)
• WARN
• INFO

38
USAS /admin.do page

• Displays configuration information and status of
  SOAP server
• Must have Tomcat manager role to access
• If cant login to app, reach admin page
• http//yourhost8080/usasweb/admin.do

39
Memory

• USAS application runs in same JVM as Tomcat
• May require additional resources
• VMS
• VMS quotas applied to APACHEWWW user
• Settings via .tomcatrc file and
  TOMCAT_VM_ARGS.DAT
• Stack size set with arguments to Tomcat startup
  command
• -Xms64m -Xmx512m -Xglobal256m
• Passing is implementation specific

40
FAQ What are .do files in URL?

• They are not files
• They are logical actions that refer to Struts
  actions
• See struts-config.xml if curious
• The pages are generated with JSP
• but user can not reference JSPs directly
• Security feature which prevents user from
  circumventing application flow and security
  controls

41
JMX Management

• Java Management Extensions
• Standard API for managing Java VM and Apps
• Local and Remote monitoring
• Monitors
• Memory
• Threads
• VM Status
• Manages
• JVM
• Custom MBeans
• Tomcat
• SSDT Components

42
JMX Remote Configuration

• System Properties enable remote management
• Add to Tomcat startup
• Password file must be owned by user running JVM

-Dcom.sun.management.jmxremote -Dcom.sun.managemen
t.jmxremote.port8002 -Dcom.sun.management.jmxremo
te.sslfalse -Dcom.sun.management.jmxremote.authe
nticatetrue -Dcom.sun.management.jmxremote.passwo
rd.filefilespec -Dcom.sun.management.jmxremote.ac
cess.filefilespec
43
JMX Client (jconsole)

• Jconsole is JMX client included with JDK
• Install JDK on workstation and add java/bin to
  path
• Run jconsole
• Connect to hostport
• Where port is the port defined in system
  property

44
(No Transcript)
45
(No Transcript)
46
(No Transcript)
47
(No Transcript)
48
(No Transcript)
49
Primer on Java Garbage Collection

• Java is a Garbage Collecting Language
• Programmers allocate objects for storage
• But do not explicitly free objects
• The JVM free memory for objects that are no
  longer referenced
• Done automatically by Garbage Collector
• Memory leaks are less likely
• Different applications have different memory
  usage characteristics
• Some create many short lived objects
• Others have large long lived objects
• Web applications often have mixture of both

50
Garbage Collectors

• GC is part of JVM Implementation
• Different implementations use different
  techniques
• Suns Hotspot VM has three GCs
• Serial
• default in most cases
• Throughput (-XXUseParallelGC)
• GCs goal is to maximize throughput
• Concurrent Low Pause (-XXUseConcMarkSweepGC)
• GCs goal is to minimize pause time

51
Selecting a GC

• Default is usually sufficient
• JVM chooses default by machine class
• But Windows is never treated as server class
• Specifying throughput or current
• May reduces pauses in application
• Preferred if system has multiple CPUs
• Especially if server is poor on memory
• GCs run in threads in parallel with application
  threads

52
Generational GC and Heap Pools

• Objects are kept in pools in Heap
• Eden space
• Young objects
• Collected during a minor collection which
  occurs frequently
• Survivor space
• Objects that have survived one or more minor
  collections
• Tenured space
• Long lived objects that have promoted from
  Survivor
• These pools can be monitored with JMX using
  jconsole

53
SSDT JMX MBeans

• The Problem
• SSDT must write Admin pages for viewing
  configuration and session information
• Currently unable to see parts of application
  because no interface
• Inconsistent and multiple Admin interfaces in
  each webapp
• The Solution
• SSDT just exposes an JMX MBean
• JMX Provides standard interface for any MBean
• First MBean in USAS Web and SOAP V2.2
• Will show information about middle tier (SOAP
  layer) sessions
• Show session statistics
• Adjust timeout period
• Future MBeans will replace or supplement existing
  Admin interfaces